#!/bin/bash
# The following may be heavily borrowed from, if not
# copied from, the NSA's December 20, 2007 "Guide to the
# Secure Configuration of Red Hat Enterprise Linux 5, Revision 2"

# Title - Setting Lockouts for Failed Password Attempts

#Initialize variables
export PRECHECK="if ( grep -P 'auth\s+include\s+config-util\nauth\s+required\s+pam\_tally2\.so deny=5 onerr=fail' /etc/pam.d/system-config-* && grep 'account\t\tinclude\t\tconfig-util\naccount\t\trequired\tpam\_tally2\.so' /etc/pam.d/system-config-* ); then echo found; fi"
export QUESTION="Would you like to enforce password lockout?"
export DESCRIPTION="Locking out user accounts presents the risk of a denial-of-service attack. The security policy regarding system lockout must weigh whether the risk of such a denial-of-service attack outweighs the benefits of thwarting password guessing attacks."
<<<<<<< .mine
export SOLUTION="sed -i -e 's/auth[\t ]*include[\t ]*config-util/auth\t\tinclude\t\tconfig-util\nauth\t\trequired\tpam\_tally2\.so deny=5 onerr=fail/
s/account[\t ]*include[\t ]*config-util/account\t\tinclude\t\tconfig-util\naccount\t\trequired\tpam\_tally2\.so/' /etc/pam.d/system-config-* "
=======
export SOLUTION="sed -i -e 's/auth[\t ]*include[\t ]*config-util/auth\t\tinclude\t\tconfig-util\nauth\t\trequired\tpam\_tally2\.so deny=5 onerr=fail/' /etc/pam.d/system-config-*; 
sed -i -e 's/account[\t ]*include[\t ]*config-util/account\t\tinclude\t\tconfig-util\naccount\t\trequired\tpam\_tally2\.so/' /etc/pam.d/system-config-* "
>>>>>>> .r141

